0

Hackers attack my website through SQL injection and by running fake queries. How can I prevent them? I need help.

Is there any firewall which prevents hacker attacks etc., or should I use `mysql_real_escape_string($_REQUEST);`?

AstroCB
Huzoor Bux
  • you should use mysql_real_escape_string for preventing sql injection – Mihai Matei Aug 06 '12 at 10:00
  • possible duplicate of [Best way to prevent SQL Injection in PHP](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) – eggyal Aug 06 '12 at 10:03

2 Answers

1

> Is there any firewall which prevent Hackers attacks etc

No, firewalls are of no use. Attackers insert their inputs (queries) in the usual place (HTML textbox, URLs etc). If it was possible, firewalls wouldn't be able to distinguish between genuine and evil users.

You must use `mysql_real_escape_string(..)`. Or even better, use prepared statements.

UltraInstinct
  • I have read on some sites that `mysql_real_escape_string(..)` can be hacked. If yes, then what would be the best solution to edit my script? Currently I can't shift my script to frameworks etc. – Huzoor Bux Aug 06 '12 at 11:06
  • `mysql_real_escape_string(..)` is being deprecated (BTW, I am interested in reading from those sites; can you link in?). Using MySQLi/PDO is the best and safest way.. – UltraInstinct Aug 06 '12 at 11:17
0

If your site contains valuable data like user data please shut your site down before fixing the problem.

Copy the log and copy the fake queries the hackers performed. This will help you in determining the security leak of your application.

If you wrote the application yourself you should read up on good security practices and update your application accordingly.

If you're using a third-party application like WordPress or Drupal please update to the latest versions of the code you're using. Try to reproduce the hack, if you fail: good! If you succeed in hacking: fix the leak or stop using the code.

If you're using a framework like Symfony or Zend Framework, please update to the latest version and try to reproduce the hack.

Niels Bom